spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: idnits

2005-05-12 16:35:11
from [wayne] [Permanent Link] 
In <4283D91B(_dot_)3363(_at_)xyzzy(_dot_)claranet(_dot_)de> Frank Ellermann 
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> writes:


wayne wrote:


SHOULD be placed above the Received: headers.  I once
argued with Meng that this SHOULD should be changed to
MUST, but Meng disagreed and I haven't changed it.


I haven't checked it, but I think Meng got it right.  And
header fields don't necessarily arrive in a chronological
order, a MUST would only offer another opportunity for an
attack.  Actually that's one of the reasons against PRA.


To quote RFC2822 section 3.6 "Field defintions":

   [snip] More importantly, the trace header fields and resent
   header fields MUST NOT be reordered, and SHOULD be kept in blocks
   prepended to the message.  See sections 3.6.6 and 3.6.7 for more
   information.

The Received-SPF header is defined to be a trace field.  Yes, the part
that I snipped warned about reordering header fields, but the point is
that adding trace fields during an SMTP session is allowed, but adding
non-trace fields is technically not allowed.

To quote RFC2821 section 3.7 "Relaying"

   As discussed in section 2.4.1, a relay SMTP has no need to inspect or
   act upon the headers or body of the message data and MUST NOT do so
   except to add its own "Received:" header (section 4.4) and,
   optionally, to attempt to detect looping in the mail system (see
   section 6.2).

RFC2821 actually makes several similar statements about it being
required to prepend trace headers, but not to do anything else with
the message.

One of the things Bruce was complaining about with
authenticated-results: header is that it's I-D calls for deleting
previous headers and inserting a new one after the trace headers.




I have been using the ABNF checker at:
http://www.apps.ietf.org/abnf.html


Scott said "don't use this" proposing Bill's checker in LTRU:


On http://www.ietf.org/ID-Checklist.html in section 3.5.C, it says
that all ABNF must be checked and gives a link to the apps.ietf ABNF
validator.  If Scott is serious about people not using it, he should
work to get the IETF webpages updated to no longer recommend it.



I liked the longer comments on each terms, so I left them
the way they were.


Maybe just add "; " (semicolon space) in front of these beasts.


Actually, I took your advice and emailed Bill Fenner.  He recommend
doing the obvious:  use prose-val rules.  So, the rules are now in the
form of

   dot-atom         = <unquoted word as per [RFC2822]>
   quoted-string    = <quoted string as per [RFC2822]>
   comment          = <comment string as per [RFC2822]>
   CFWS             = <comment or folding white space as per [RFC2822]>
   FWS              = <folding white space as per [RFC2822]>


-wayne
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Scoping Syntax for spf1 records, Frank Ellermann
Next by Date:  Re: HELO versus MAILFROM results, Frank Ellermann
Previous by Thread:  Re: Re: idnits, william(at)elan.net
Next by Thread:  Re: idnits, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]